Due to the variety of scanners available in the market (standalone, as part of a printer or fax or multifunction systems), some may experience trouble with permissions.

Preventing permissions issues

You MUST have your scanner plugged in to the server before installing the app!
After installing the app, there will be a file called install_pt2.sh in the app directory (by default, /var/hda/web-apps/scanner).
To run it, use the following commands after plugging in your scanner:

su -

(enter root password)

cd /var/hda/web-apps/scanner
./install_pt2.sh

Afterward, you can delete install_pt2.sh.
The basic steps the script takes are below. If the script doesn't detect your server, or it detects the wrong one, you may need to take the steps below.

Older instructions

We want to make the scanner RW for a scanner group, that Apache is a member of and has access to. To do this, start by making a new group:

su -
groupadd -r scanner

Add apache and root to the new group:

usermod -a -G scanner apache
usermod -a -G scanner root

Next, we need to tell the system to set the scanner permissions so it uses the new group.

To do that, we need to know how to identify the scanner. I'm assuming you have a USB scanner; if not, the process is similar, but I'm not sure how to identify the scanner correctly.

With the scanner plugged in, run the lsusb command. You'll get several lines like this:

Look for the one that looks like it's for your scanner or printer (if the scanner is built in, as is the case above for the all-in-one printer+scanner from HP), and write down the two numbers next to ID (in this case 03f0 and 5d11). The left number is the vendor ID, and the right is the product ID. Another option is to look here: http://www.linux-usb.org/usb.ids for your manufacturer and product.

AS ROOT, create a file called 15-scanner.rules in the /etc/udev/rules.d/ directory that contains exactly one line:

SUBSYSTEM=="usb", ATTR{idVendor}=="<left number from lsusb>", ATTR{idProduct}=="<right number from lsusb>", ACTION=="add",NAME="bus/usb/$env{BUSNUM}/$env{DEVNUM}", GROUP="scanner",OPTIONS+="last_rule"

This tells the system "If this SPECIFIC USB device is plugged in, make it part of the scanner group with the default permissions (RW by owner and group), and stop processing rules.

Save the file, then:

restart the httpd service to pick up the group permissions, via Apps -> Servers or by hand as root with:

service httpd restart

unplug and replug your scanner to pick up the settings

That should be it.

An alternate idea: a shell script at install, to set up a rule for you.

Basically, this makes sure the script is running as root (and becomes root if not), lists the currently attached USB devices, and asks for the vendor and product IDs. It then pastes those into a rule that will work.